FBI and DOJ threaten tech companies with legislation forcing them to break encryption

Yesterday FBI Director James Comey and Deputy Attorney General Sally Quillian Yates testified before a Senate Judiciary committee that they are stumped by end-to-end encryption and that while they want to work with the private sector to come up with a solution Yates noted that a legislative mandate “may ultimately be necessary” to force companies to comply.

To back up their stand they also tried playing the terrorism card saying that ISIS is using social media to bolster their recruitment efforts. When a prospective terrorist is first contacted they are told to switch to an end-to-end encrypted messaging system where they can work out their nefarious plans in private. Comey said that the FBI is doing the best they can with existing tools and they have arrested dozens of potential terrorists in the past year, but sooner or later something is going to slip through.

Curiously Yates said that when the DOJ is presented with instances of encryption they no longer even try to secure a wiretap order. When asked how many times this has happened she replied, “Being able to give you hard numbers on the number of cases that have been impacted is impossible.”

Yea, right. It’s not like the DOJ keeps records of their investigations or anything like that. (Of course one could ask if they didn’t already have a legal wiretap order then how did they discover a particular communication was encrypted in the first place?)

And if they really wanted to convince the committee that this was a big problem wouldn’t it have been better for them to hold up a thick sheaf of paper and shout ‘I have a list of over 13,000 investigations where our efforts were hampered because of encryption!’

According to the United States Courts Wiretap Report 2014 published on December 31, 2014 there were a total of 3,554 wiretaps reported as authorized in 2014, with 1,279 authorized by federal judges and 2,275 authorized by state judges.

Note that these are only the officially reported instances of legal wiretaps and does not include illegal wiretaps or those authorized by The Foreign Intelligence Surveillance Court. It should also be noted that 89% of the wiretaps involved illegal drugs, 4% involved homicide cases (the second-most frequently cited crime) and less than 3% of the applications involved smuggling and money laundering. Terrorism isn’t even on the list.

The report states:

The number of state wiretaps in which encryption was encountered decreased from 41 in 2013 to 22 in 2014. In two of these wiretaps, officials were unable to decipher the plain text of the messages. Three federal wiretaps were reported as being encrypted in 2014, of which two could not be decrypted. Encryption was also reported for five federal wiretaps that were conducted during previous years, but reported to the AO for the first time in 2014. Officials were able to decipher the plain text of the communications in four of the five intercepts.

So in 2014 only five out of all 3,554 messages intercepted with wiretaps couldn’t be read.

This doesn’t sound like a problem worthy of federal regulation to me but hey, maybe if the police had been able to read those five messages there would be one more pot dealer in jail.

And if the FBI and DOJ think that forcing Apple, Facebook, Twitter and Google to provide back doors into their encryption is going to thwart ISIS then do a quick Google search on ‘encryption software’ and you will find 11,400,000 products and articles. So if the terrorists don’t trust those four companies there are hundreds of other encryption choices to pick from.